Vulnerability Note VU#973654

Overview

The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts.

Description

Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store and restore the state of the processor's floating point unit (FPU), respectively. Typically, manipulation of the FPU is handled by the compiler of a high-level programming language, but some languages allow programmers to invoke assembly instructions directly.

By using a combination of calls to fsave and frstor, it is possible to write a simple program that will force the Linux kernel into an infinite signal handling loop. When this occurs, the kernel will fail to operate properly or respond to input, causing a denial-of-service condition. Such a program does not require specialized tools or privileged system access, so it is possible for any local user to exploit this vulnerability.

Impact

This vulnerability allows local users to disable the Linux kernel on affected hosts, resulting in a denial-of-service condition.

Solution

Apply a patch from your vendor

The Systems Affected section of this document contains a list of vendors that have been notified of this issue, as well as their responses.